CFP2000 WFPD: Deborah Pierce's raw notes

These notes are raw and not post-processed.
They were all taken while the workshop was going on, and hence
are not polished and not guaranteed complete or necessarily even balanced --
many scribes took extensive notes on only parts of the entire discussion.

CFP Workshop Privacy by Design
Replacing the Domain Name System
What's broken?
IP and land grabs
Political chokepoint
Little guys
A modest Proposal
Throw away the hierarchy
Let's call the new system smoosh
Names no longer unique
Land grabs much more difficult
Everyone can register an unlimited number of names for free
Routing is unaffected
DNS part 2
Implementation
Abundant local computation and storage
Clusters of cached relationship information
Mapping SN
Talk by Rebecca Wright
Replacing the domain name system
What to Protect?
Privacy, Free Speech, anonymous speech --
Different governments have different laws
Different individuals have different opinions
Different needs of governments, corporations, and individuals
Who should decide?
Interplay between:
Government
Public interest groups
Voluntary industry standards
Consumer-driven
Technology itself
How to achieve?
Not enough to design and implement solution
Difficult to influence users
Users may not understand - implications of their choices (on privacy, etc.)
Users choose convenience
Integration with existing systems - "the Microsoft factor"
Requirements
Convenient
Fair - equally available to anyone, protects all users
Backed by industry - for direct commercial reasons or in response to
government and consumer pressure
Tools
Cryptography - protects data in transit, does not protect ends
Open source software - pluses and minuses
Consumer/voter education - don't overwhelm them
Alma Whitten talk
Warning:
When trying to provide privacy and security via tech, do not expect users
to:
Know what they need,
Read manuals,
Keep trying, or
Recognize success
When dealing with privacy these items become even more difficult
Regard with Suspicion
Proposals which assume:
Users manage key distribution
Users pay attention to digital signatures
Users comprehend policies
Tools or appliances???
Tools: general, robust, need skill
Appliances, specific, fragile, need less skill
Automation Guidelines
Either system must always work,
Or
Users must know how to compensate
Or
Functionality must not be crucial
(consider for DNS)
Two Different Goals
1. Get solution in place for those who already want it
And/or
2. Sell solution to those who don't yet know they need it.
(consider for the cash project)
Initial Comments
Ian Brown-DNS useful -- because it is at a lower level
Smoosh names - Distributed search provides relevance-
? - need to make a distinction between email and ___
Joel Reidenberg- planning for implementation - need a route around because
DNS is not going away. Ecommerce sites will hate smoosh names because of a
lack of certainty that when a user goes to AT&T they will get to AT&T, not
something else.
Has ecommerce won? Too late for anything else? Not necessarily, but they are
quite strong. He doesn't feel that the existing DNS will go away. We will
need a route around.
What can we do to make smoosh names more attractive.
John G. - smoosh names will have to grow up along with DNS. How to make the
system do more than it was designed to do.
What is the goal here? What do we want the system to do that it doesn't
already do? Don't need a hierarchy? But here, hierarchy is a good thing.
Easier to sort.
Lance Cottrell-users expect that if they have always typed in a certain
name, that this will continue to work. Often you would want to broadcast
info about yourself - biz cards. How can you be sure that people can find
you?
Dave K. - Deployment and wide distribution? Will people actually download
the software? Problem - unless some solution is sufficiently attractive in
the biz community then the software might not be supported.
Alma - people comfy with bookmarks. Could they become comfortable with
aliases?
Ian Brown - privacy interests? Database on your machine with all of your
info on your machine. Solution? You can act as a conduit? --
Deirdre- don't think that it addresses the issues -- Not sure it helps the
little guy. Not sure if this proposal addresses this issue. How does it
address the land grab issue?
Lenny - replacing or overlaying -- He was trying to get away from a hierarchy.
Would like a system with redundant or duplicate names. Ex. One name for IBM
but a million John Smiths.
Rebecca-
Expectations -if disambiguation is usually right, users (incl. Software
designers) will think it is always right.
Common name problem - users with common names may still need to choose those
unusual SN's to help disambiguation.
Privacy - may make things worse
How do you know when wrong site is reached.
__
Is there a "diameter dichotomy"? you go a few hops and get "friends" go a
few more hops and you get the world.
Alma - if no hierarchy, then potential attacks. Disinformation possible.
John G. re land grabs. Make a large enough number of names available that it
becomes unattractive financially for others to grab names. Can pick
suffixes?
Roger Clarke-let's do the easy stuff first - commercial v. personal v.
activists. Classify each?
Phil Z.-certainty issues. If I want Barnes & Noble, I want Barnes & Noble. If
"dot com" is Barnes & Noble, but other suffixes can be something else -
then you create ambiguity. How can we satisfy this "requirement"?
John G. Comment to Roger - Netscape put a naming system in their browser.
Ian B. - tension between a globally unique address and ease of use.
Jonathan Reidenberg - chair of ICANN working group. Utility of smoosh
overlay? Pros and cons of this? Adding a lot of top level suffixes would
really help. Not politically possible right now. Trademark problems will
still exist. Not clear that if smoosh names would help with this.
Alma-wanting a name that is findable v. wanting a name that is "good". Think
phone books. Doesn't matter if there are duplicates.
Patrick - background assumptions -- implications - need to think about what we
are doing. Are we assuming that the multinationals are the most important
entities. Communities --
?-for local stores, use web yellow pages. What is the killer app for this
problem?
Public questions:
Simson Garfinkel- DNS was meant to be used by people, but IP addresses were
not. We never really meant to use a content based addressing system. Need to
deploy new servers?? Top level domains - still will have trademark problems.
His solution would be to remove content from the addressing system.
Stanton-goals- 2 severable ones - decentralization to protect privacy, etc.
- IP issues that have nothing to do with the tech solution. Independent of
the Net, but manifesting themselves here. Which things can we do to solve
each. Make it more like a phone numbering system.
Break
Two problems - to separate
Finding B& N and finding John G.
Deirdre - underestimating the power and money of those in power -
corporations plus governments. She's not sure that complicating enforcement
is going to solve the problem.
John G. - part of the complication is that people are using DNS for finding
things rather than for naming things.
Dave Philips - Circle of Friends kinds of organizations. Institutional
brokerage.
Thomas-problem is too big. Something that he is afraid of - being able to
post, but not being able to take down. What do we want from our services?
? - We should agree on a set of goals in order to design a system. One goal
- to reach a particular entity - the one that you want. Another one is to be
able to find a community of friends.
Carl Page - finding people - match dot com, aol, homepages + search engines
to use to find people.
?- how do we prevent the big companies from smashing the smaller ones.
John Larson - comments - DNS not useful for human searches. What humans need
v. what machines need. Right now the net works - if we replace DNS, will
the Net still work. He would like to hear some policy statements on the
search engines - what info they present to us, b/c naming has to do with how
you search and what you find. Do you find the product of a search engine if
the owner of that "hit" has paid the most money.
Carl - DNS in the context of web browsers
Carl Page - DNS performance sucks. Think about napster - distributed
Dave Del Torto- --
Lenny - naming v. finding. How do we prototype it? How do we incrementally
deploy it?
Fen- Upper end of the tool bar being a "find engine". DNS still exists but
people don't use it as much to find things.
Lisa-yes, but -- whatever we do has to integrate with the search engines.
Jon- integrating search engines into the browser, but problem - search
engines are limited. Tech used by search engines is inherently limited.
Smoosh names to be used for finding?? Not use it for naming??
John G.- How to build these things in? Suppose we came to a consensus? How
would we do this in the real world?
John Brockman- ..
Dan Gilmore- leads to make it all proprietary. How will we find a way to
prevent that from happening.
Stan- what about using xml, using corporate tags or trademark tags? Can
this be used so that we don't have to get rid of DNS.
Ian Brown - that's why distributed systems should work better.
Lenny - search engines, but, people who may not be easy to find because
their web presence may not be very big.
Wendy - we are having the same problem as ICANN b/c we can't decide what the
goal is -- reaching an impasse.
John G. - Define the problem
Wendy - don't want Microsoft or the government to own the whole Net.
Lance - need to integrate email, palm devices, etc. Our solution needs to
be able to function in all of those environments.
Stanton - finding and naming, but we need to design privacy in -- that's why
we're here.
Lenny - privacy not a big part of the DNS issues.
John G. - focus. Getting around centralized naming (centralized control).
? freehold w/o interference to use in the appropriate context.
Ellen Olman- hierarchy = fast. Naming isn't.
Adam-using the courts seems like a good thing, but freedom of speech
shouldn't have to rely on being "under the radar".
Gail Williams- confusion between naming and finding. Use a special character
in front of the name and that doesn't = trademark.
Wendy - weird geographical thing. Useful if the url could reflect the native
language of the site.
Carl - all of the power is not in the hands of the legislature. Power of
code.
Carl Page - metadata is evil. If we rely on metadata, we need to rely on an
organization that can be used to go and check the metadata.
Patrick - What can we do? 1. Go out and do it - go write code. 2. Construct
a dialogue that continues after this workshop - having a continuing
conversation with people who write the code.
Jean - don't build out ambiguity. Shouldn't hold everything up to the
ecommerce standard.
Carl - second the previous speaker.
? - think about incentives for unsophisticated users so that we don't have
to go to a proprietary system or end up with tyranny of the majority.
Stanton - geography may not be all that important.
Lance - another vote against geographical resolving of names. Shouldn't tie
it down that way.
Lisa - she disagrees. More trust -- Doesn't make sense from a technical
standpoint, but if we want people to use it --
Cfp-wfpd-notes@media.mit.edu - send notes here.
Afternoon
Papers- anonymity and unobservability. Design issues. July 25, 26th in
Berkeley. More technical. Extended deadline for papers = 5/1/00.
www.icsi.berkeley.edu/~hannes/ws/edu
Business Methodology
How do we motivate business adoption?
Biz makes money from data mining
Consumers don't realize what's going on
Some possibilities
Data chernobyl
Advertising campaigns -who pays?
New biz whose purpose is protecting civil liberties
Which comes first, tech or biz?
David Phillips
Contours of privacy as a political issue.
Nuclear issues-anti nuke
Historical perspective
Resources:
Oppositional expertise
NIMBY
2nd phase
media savvy
attractive cultural norms
anti nuke ideology. Socialist movements. Peace, ecology. Strong links to
those.
This brought in a lot of already mobilized groups.
Big idea
How do we create a populace that is cognitively prepared and socially
resourceful
To understand and react to Chernobyl event. He would like to make
fingerprinting on driver's licenses a chernobyl event.
Possible ideas of privacy threats
Individual autonomy
Intimate relations
Government and citizen
Merchant and consumers
Cultural autonomy
Demographics, profiling
In the Popular literature
Enemies are governments, hackers and advertisers
Individual is victim and hero
Little discussion of intimacy and cultural autonomy and discrimination
Can notions of intimacy , cultural autonomy and social discrimination ///
Privacy memes linked to racism sexism economic justice globalization
cultural displacement - looking for links. Need to be able to make linkages,
and be able to form coalitions. He recognizes that this means moving a bit
away from the libertarian ethic.
Possibilities for coalitions
WTO, World Bank, IMF opposition, biotech, civil rights
John G.
Free software - getting biz to use and do the right thing.
Cygnus co-founder
Don't screw up the biz on the practical stuff - pay your employees, etc.
Biz resistance to free software
"If you don't like the news, go out and make your own." If you don't like
biz on privacy go start your own that can protect privacy.
John just started "FreeS/WAN" - used to protect civil liberties? Tries to
implement automated privacy. Encrypts network traffic - get the "fax"
effect. Use the software, Those who use it have encryption among them.
Makes the net more secure. Not structured as a biz - yet.
General discussion
Deirdre-profiling - = gap in privacy law. Not quite an invasion of privacy,
or discrimination. Coalition building - but it's a challenge.
Colin Bennett - doesn't like the privacy chernobyl. Doesn't like that it
implies a high tech problem. He sees it as tech with human error. He's
concerned with surveillance - when surveillance works perfectly.
John G - whipping people into a frenzy doesn't seem like sound public
policy.
Ann-Chernobyl. People trust the tech, but when privacy is invaded they want
the privacy advocates to do their jobs.
Ari- engaging companies about how to build in privacy.
Xxxxxxx - gap
Deirdre- wrote letters to many biz - like Intel - explaining that there is a
problem re: privacy - what are you going to do about it? Businesses wrote
back to let her know what they were going to do.
Roger- still: What positive things can we do to incent business. Profit?
Will that help? Permission based marketing?
?Anti-virus software folk may help. We have identified this many viruses,
here's what we've done. At some point the vendors formed a consensus - can
we get biz to form a consensus that privacy should be protected (in a
general way), can we move forward that way?
Read book like "Toxic sludge is good for you". Marginalize and discredit
those who biz disagrees with. This will preserve the status quo that biz
wants.
Break
Cash
What's cash?
Universal acceptance
Assured anonymity
Ease of use
Bounded liability
Everybody is a merchant
Why we don't have it on the net yet
IP fights
Cryptographic export restrictions (historical and current)
Government resistance
Lack of consumer interest
Cash, part II
How about prepaid cash cards?
Like a metro pass
Sell them in 7-11
Unlinkability via cash-for-card and tossing refills
Problems
Credit card companies are obvious players, but want to data mine.
Requires physical infrastructure
Still not peer to peer
Can we fix it?
Deirdre
Your place or mine - where you store data - whose server?
Security - changes depending on which server it's on.
Ian Goldberg-prepaid cash card-spendcash
Bar codes on paper money in the Netherlands. Not anonymous anymore!
Rohan-many people use prepaid cellular cards outside the US.
?why ecash systems have all failed so far?
Critical mass issue. Not widely used by large numbers of people.
Some payment systems are gaining critical mass.
Ian Brown-prepaid "anything"- he's worried that prepaid cards will quickly
become non-anonymous because of the war on drugs and money laundering.
Adam- credit cards ubiquitous in US even though they have only been around
for about 50 years.
? for a lot of transactions, cash is used because it's easy in meatspace.
And why would I use ecash over the net if there is no enforcement mechanism.
Phil-cryptographic protocols for sending and receiving ecash.
Deirdre-bleed over on confusion between debit cards and credit cards,
particularly surrounding liability.
Alma-credit card fraud is a headache - any way that ecash can be like cash-
merchants can accept it and not worry that they can't accept it.
Carl Page-CPSR - rocket cash -- .for teenagers
Joel-consumer motivations -- disincentives - floats, and the $ doesn't leave
your account until you get the goods.
?You get things when you use your credit card. You get frequent flyer miles,
etc.
Phil- can we get a toehold into cc infrastructure to use as scaffolding for
anonymous ecash structures. Market forces can then take over to lower the
price of anonymous cash. Creeping erosion of privacy - makes it harder to
make arguments for our privacy. But if we can gain this toehold, then we can
create privacy expectations.
Deborah H. - Is cash on the net desirable?
Ian Goldberg- we need to worry about the clearing system. Remind people that
it's useful to have anonymous commerce on the net, but we need to be able to
have a way to deliver the anonymous cash via an anonymous way - i.e. no
tracking of IP addresses.
?Mondex...(turns out it isn't anonymous)
Deirdre - small steps we can take -- should we have the ability to not have a
transaction recorded but then not have the ability to contest that
particular transaction.
Lenny- re: barcoding cash - we have serial numbers on cash --.re: porn getting
VCRs accepted - citations? Re: cc companies - citation for FedEx gets
numerous subpoenas every day - particularly at the height of the tobacco
litigation. Banks - if you don't want subpoenas don't collect the
information.
Wrap up.
Re: DNS, biz, cash - theme: incremental change. How do we prototype these
systems so that we can figure out what to do with them.
Mailing list to talk about these issues on the CFP pages.